• Proceedings of the Computational Structural Engineering Institute Conference
• /
• 2009.04a
• /
• pp.442-445
• /
• 2009

지진에 대한 건축물의 확률적 성능평가에 대해서는 지진하중에 대한 건축물의 손상확률 또는 파괴확률을 나타내는 지진취약도 함수를 작성하여 대상 건축물에 대한 지진위험도를 평가하는 방법을 이용하고 있으며 이에 대한 많은 연구가 이루어지고 있다. 본 연구에서는 지진하중과 구조물 재료특성의 불확실성을 고려하고 대상 건축물의 지진취약도 해석을 통하여 비내력벽의 유무에 따른 건축물의 지진거동 및 내진성능을 평가하였다. 비내력벽을 보편화된 모형화 방법인 등가의 대각 압축 스트럿으로 고려하여 비내력벽의 유무에 따른 저층 철근콘크리트 건축물을 모형화하였으며 지진하중의 강도는 유효최대지반가속도를 이용하여 각 건축물에 대하여 지진취약도를 작성하였다. 취약도해석 결과로 연약층을 가지고 있는 건축물의 경우는 손상확률이 골조만 있는 경우보다 크며 동일한 해석모델의 경우에도 해석방법에 따라서 취약도 곡선의 형태가 다름을 알 수 있었다.

• Journal of the Korean Geotechnical Society
• /
• v.33 no.7
• /
• pp.29-41
• /
• 2017

There are uncertainties about the seismic load caused by seismic waves, which cannot be predicted due to the characteristics of the earthquake occurrence. Therefore, it is necessary to consider these uncertainties by probabilistic analysis. In this paper, procedures to develop a fragility curve that is a representative method to evaluate the safety of a structure by stochastic analysis were proposed for cut slopes. Fragility curve that considers uncertainties of soil shear strength parameters was prepared by Monte Carlo Simulation using pseudo static analysis. The fragility curve considering the uncertainty of the input ground motion was developed by performing time-history seismic analysis using selected 30 real ground input motions and the Newmark type displacement evaluation analysis. Fragility curves are represented as the cumulative probability distribution function with lognormal distribution by using the maximum likelihood estimation method.

• Economic and Environmental Geology
• /
• v.36 no.3
• /
• pp.243-255
• /
• 2003

The mathematical models for GIS-based spatial data integration have been developed for geological applications such as mineral potential mapping or landslide susceptibility analysis. Among various models, the effectiveness of fuzzy logic based integration of multiple sets of geological data is investigated and discussed. Unlike a traditional target-driven fuzzy integration approach, we propose a data-driven approach that is derived from statistical relationships between the integration target and related spatial geological data. The proposed approach consists of four analytical steps; data representation, fuzzy combination, defuzzification and validation. For data representation, the fuzzy membership functions based on the likelihood ratio functions are proposed. To integrate them, the fuzzy inference network is designed that can combine a variety of different fuzzy operators. Defuzzification is carried out to effectively visualize the relative possibility levels from the integrated results. Finally, a validation approach based on the spatial partitioning of integration targets is proposed to quantitatively compare various fuzzy integration maps and obtain a meaningful interpretation with respect to future events. The effectiveness and some suggestions of the schemes proposed here are illustrated by describing a case study for landslide susceptibility analysis. The case study demonstrates that the proposed schemes can effectively identify areas that are susceptible to landslides and ${\gamma}$ operator shows the better prediction power than the results using max and min operators from the validation procedure.

• Proceedings of the Korea Information Processing Society Conference
• /
• 2010.11a
• /
• pp.1150-1153
• /
• 2010

정보시스템의 취약성을 사전에 예방하고 보안을 강화하기 위해 여러 가지 방안이 제시되고 있다. 본 연구에서는 소프트웨어의 소스코드 수준에서의 보안성을 확보하기 위해 소스코드 자체의 보안 위험성을 검사하는 도구를 제안한다. 개발자에 의해 무심코 사용되는 위험 함수들을 검출하고 그 대안을 제시하여 소프트웨어 내부에 잠재되는 보안 위협을 예방하는 도구를 개발하고자 한다.

• Proceedings of the Korean Information Science Society Conference
• /
• 2004.10a
• /
• pp.418-420
• /
• 2004

패스워드 기반의 키 교환 프로토콜들은 참여자들이 쉽게 기억할 수 있는 자신의 패스워드를 사용하므로 단순성, 편리성, 이동성의 장점 때문에 광범위하게 사용되지만 완전한 전 방향 보안성(perfect forward secrecy), 패스워드 추측공격과 Denning-Saccon 공격에 취약하다. 본 논문에서 제안한 검증자(verifier)를 사용한 패스워드 기반의 인증 및 키 교환 프로토콜은 키 교환 프로토콜 요구 사항을 만족하고, 알려진 공격으로부터 안전하며 DH(Diffie-Hellman) 키 교환 방법과 해쉬 함수만을 사용하기 때문에 기존의 프로토콜보다 구조가 간단하며 높은 효율성을 가진다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.75-82
• /
• 2009

In this paper, we test for security targeting on APIs of Windows as that is used by many people worldwide. In order to test APIs in DLL fils of Windows OS, we propose Automated Windows API Fuzz Testing(AWAFT) that can execute fuzz testing automatically and implemented the practical tool for AWAFT. AWAFT focuses on buffer overflows and parsing errors of function parameters. Using the tool, we found 177 errors in the system folder of Windows XP SP2. Therefore, AWAFT is useful for security testing of Windows APIs. AWAFT can be applied to libraries of third party software in Windows OS for the security.

• Proceedings of the Korean Information Science Society Conference
• /
• 2008.06a
• /
• pp.343-344
• /
• 2008

최근 시스템의 복잡도가 증자함에 따라 보안 취약점 문제가 더욱 많이 발생하고 있다. 이를 해결하기 위해 보안 패치가 배포되고 있지만, 시스템 서비스의 중단이 필요하고 패치 자체의 안정성이 검증되지 못해 패치의 적용이 늦어지는 문제가 발생한다. 우리는 이러한 문제를 해결하기 위해 업데이트성이 없는 커널을 위한 함수 단위 동적 업데이트 시스템인 DUNK를 설계 하였다. DUNK는 서비스 중단 없는 업데이트를 가능케 하고, 보안 기법인 MAFIA를 이용해 안전한 업데이트를 수행한다. MAFIA는 바이너리 패치 코드의 접근 행위를 분석함으로써 패치된 함수가 기존 함수의 접근 권한을 상속받도록 하고, 이를 검증하는 기술을 제공한다. 본 논문에서는 DUNK의 설계와 MAFIA의 알고리즘 및 수행에 대해 기술한다.

• Journal of KIISE
• /
• v.43 no.11
• /
• pp.1179-1187
• /
• 2016

Android- and Linux-based embedded systems require device drivers, which are structured and built in kernel functions. However, device driver software (firmware) provided by various 3rd parties is not usually checked in terms of their security requirements but is simply included in the final products, that is, Android-based smart phones. In addition, static analysis, which is generally used to detect vulnerabilities, may result in extra cost to detect critical security issues such as privilege escalation due to its large proportion of false positive results. In this paper, we propose and evaluate an effective technique to detect vulnerabilities in Android device drivers using both static and dynamic analyses.

• Journal of Environmental Policy
• /
• v.9 no.2
• /
• pp.185-205
• /
• 2010

Climate change vulnerability assessment based on local conditions is a prerequisite for establishment of climate change adaptation policies. While some studies have developed a methodology for vulnerability assessment at the national level using statistical data, few attempts, whether domestic or overseas, have been made to develop methods for local vulnerability assessments that are easily applicable to a single city. Accordingly, the objective of this study was to develop a conceptual framework for climate change vulnerability, and then develop a general methodology for assessment at the regional level applied to a single coastal city, Mokpo, in Jeolla province, Korea. We followed the conceptual framework of climate change vulnerability proposed by the IPCC (1996) which consists of "climate exposure," "systemic sensitivity," and "systemic adaptive capacity." "Climate exposure" was designated as sea level rises of 1, 2, 3, 4, and 5 meter(s), allowing for a simple scenario for sea level rises. Should more complex forecasts of sea level rises be required later, the methodology developed herein can be easily scaled and transferred to other projects. Mokpo was chosen as a seaside city on the southwest coast of Korea, where all cities have experienced rising sea levels. Mokpo has experienced the largest sea level increases of all, and is a region where abnormal high tide events have become a significant threat; especially subsequent to the construction of an estuary dam and breakwaters. Sensitivity to sea level rises was measured by the percentage of flooded area for each administrative region within Mokpo evaluated via simulations using GIS techniques. Population density, particularly that of senior citizens, was also factored in. Adaptive capacity was considered from both the "hardware" and "software" aspects. "Hardware" adaptive capacity was incorporated by considering the presence (or lack thereof) of breakwaters and seawalls, as well as their height. "Software" adaptive capacity was measured using a survey method. The survey questionnaire included economic status, awareness of climate change impact and adaptation, governance, and policy, and was distributed to 75 governmental officials working for Mokpo. Vulnerability to sea level rises was assessed by subtracting adaptive capacity from the sensitivity index. Application of the methodology to Mokpo indicated vulnerability was high for seven out of 20 administrative districts. The results of our methodology provides significant policy implications for the development of climate change adaptation policy as follows: 1) regions with high priority for climate change adaptation measures can be selected through a correlation diagram between vulnerabilities and records of previous flood damage, and 2) after review of existing short, mid, and long-term plans or projects in high priority areas, appropriate adaptation measures can be taken as per this study. Future studies should focus on expanding analysis of climate change exposure from sea level rises to other adverse climate related events, including heat waves, torrential rain, and drought etc.

• The Journal of Korean Association of Computer Education
• /
• v.14 no.1
• /
• pp.175-185
• /
• 2011

Recently RFID systems have been introduced in place of barcode systems to industries such as logistics, distribution, and manufacturing. Due to security vulnerabilities in wireless communication between the reader and tags, however, the authentication protocols for the communication have also been researched extensively. In order to solve the vulnerability of previously proposed protocols, this paper thus proposes an authentication protocol that satisfies the security requirements in the RFID system and minimizes the quantity of computation such as random number generation, transmitting the micro-time of databases. In addition, it is expected that the proposed cross authentication protocol is safe against replay attack, spoofing attack, traffic analysis, and eavesdropping attack when it is applied to the RFID system. Also, it has advantages such as providing a high level of security at a lower manufacturing cost.